jungledisk.com – cheap storage.
ips – intrusion protection system
metasploit – pen testing tool.
tripwire
iftop, ntop, dnstop
honeywall – installed on a box with 3 interfaces, it can work as a tap.
block outbound 80,443 on web servers
PowerShell is available for Windows, but that is not what we are covering today.
pwd equivalent: cd
command prompt location: c:\windows\system32\cmd.exe
with colors: start /t:0a
Windows File Protection (WFP)
service control query: sc query
command line registry editor: reg
reg query HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
network configuration: netsh
starting control panel cpl's:
http://www.vlaurie.com/computers2/Articles/control.htm
netsh firewall set opmode disable
Behavioral analysis
snort -vd | tee /tmp/sniff.log
Code Analysis
products to revert a system
CoreRestore hardware board $150
Rebuild PE headers
imprec
— common passwords: infected, virus, malware
— Windows diff command: fc. This works on binaries!
—
Analyzing Malicious Sites
Use a text based browser
wget, lynx
wget "http://malicious.com/" --user-agent="Mozilla/4.0…" (page 4-29) lets you pose as another browser.
JavaScript decoder, for scripts encoded with the Microsoft encoder tool (jscript.encode); not used much since it is not compatible with other browsers.
c:\>scrdec14.exe installer.htm decoded.htm
Now custom obfuscation techniques are used.
print the script text to the page and don't execute it.
firebug for firefox
don't execute scripts: noscript
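As an added example (not part of these notes), a Python script that does what the last few lines describe: pull the <script> blocks out of a saved page as text, never executing them, and flag the indicators that usually mark an obfuscated loader. The sample HTML and the indicator list are constructed here, and the escape-run threshold of 8 is an assumption.

```python
import re
from html.parser import HTMLParser

# Patterns common in obfuscated loaders; the run length of 8 is a constructed choice.
INDICATORS = {
    "eval": re.compile(r"\beval\s*\("),
    "unescape": re.compile(r"\bunescape\s*\("),
    "fromCharCode": re.compile(r"String\.fromCharCode"),
    "document.write": re.compile(r"document\.write\s*\("),
    "long_escape_run": re.compile(r"(?:%[0-9a-fA-F]{2}|\\x[0-9a-fA-F]{2}){8,}"),
}
class ScriptExtractor(HTMLParser):
    # Collects <script> bodies and src URLs as text; nothing is evaluated.
    def __init__(self):
        super().__init__()
        self.collecting, self.buf, self.inline, self.external = False, [], [], []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.external.append(src)
            else:
                self.collecting, self.buf = True, []

    def handle_data(self, data):
        if self.collecting:
            self.buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self.collecting:
            self.inline.append("".join(self.buf))
            self.collecting = False

def analyze_html(html):
    """External script URLs plus, per inline script, the indicators it triggers."""
    p = ScriptExtractor()
    p.feed(html)
    p.close()
    inline = [{"index": i, "length": len(b),
               "indicators": sorted(n for n, rx in INDICATORS.items() if rx.search(b))}
              for i, b in enumerate(p.inline)]
    return {"external": p.external, "inline": inline}

# Constructed sample standing in for a saved installer.htm.
SAMPLE_HTML = r"""<html><body>
<script src="http://example.invalid/loader.js"></script>
<script>var p="\x61\x6c\x65\x72\x74\x28\x31\x29";eval(unescape(p));</script>
<script>document.write("<h1>hello</h1>");</script>
</body></html>"""
```

Feed it the file wget saved (or the output of scrdec14.exe) and review the flagged blocks by hand; external src URLs are reported, not fetched.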
airpwn, Karma, metasploit, kismet, newcore
WiFiDEnum – wireless driver vulnerability assessment